Secure your Registration Code with AWS Secrets Manager
Learn how to use AWS Secrets Manager as a secret store for the Nano Agent Registration Code. This guide assumes you are familiar with AWS, IAM, and EKS and how the three interact.
Overview
The Spyderbat Nano Agent registration code is a unique alphanumeric combination that is used to associate the installed Nano Agents and their data with your organization in the Spyderbat backend. This registration code is visible in the Spyderbat UI only to users in your organization with the relevant permissions (check out our article on User Roles and Permissions for more info).
You may choose to store your organization's Nano Agent Registration Code in AWS Secrets Manager, either to facilitate automated agent deployment or to adhere to required internal processes. In that case, follow the steps below.
Adding the Agent Registration Code to AWS Secrets Manager
First, store the registration code in Secrets Manager and note its ARN:
The next step is to create an IAM policy that allows GetSecretValue and DescribeSecret on that secret. After that, add the AWS Secrets Store CSI driver to your cluster if it is not already available.
Accessing the Agent Registration Code in AWS Secrets Manager
Create a role that has the above-mentioned policy attached and is federated to your EKS cluster (see associate-iam-oidc-provider):
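The AWS-side steps described so far (store the secret, scope a read-only policy to its ARN, federate a role to one service account in the cluster), shown with the AWS CLI and eksctl as an added example that is not Spyderbat's own commands. The secret name, cluster, namespace, service account, role name and the registration-code.txt file are placeholder assumptions, and the ARNs assume the standard aws partition.

```shell
#!/usr/bin/env bash
# Added example; every name below is a constructed placeholder, not a Spyderbat default.
SECRET_NAME="${SECRET_NAME:-example/nano-agent-registration-code}"
CLUSTER="${CLUSTER:-example-cluster}"
NAMESPACE="${NAMESPACE:-example-namespace}"
SERVICE_ACCOUNT="${SERVICE_ACCOUNT:-example-agent-sa}"
ROLE_NAME="${ROLE_NAME:-example-nano-agent-secret-reader}"

# Read-only policy scoped to one secret ARN ($1); no wildcard resource.
secret_read_policy() {
cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
"Action":["secretsmanager:GetSecretValue","secretsmanager:DescribeSecret"],
"Resource":"$1"}]}
EOF
}

# Trust policy: only one Kubernetes service account may assume the role.
# $1=account id, $2=OIDC issuer without https://, $3=namespace, $4=service account
irsa_trust_policy() {
cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
"Principal":{"Federated":"arn:aws:iam::$1:oidc-provider/$2"},
"Action":"sts:AssumeRoleWithWebIdentity",
"Condition":{"StringEquals":{
"$2:aud":"sts.amazonaws.com",
"$2:sub":"system:serviceaccount:$3:$4"}}}]}
EOF
}

apply() {
  set -euo pipefail
  local secret_arn policy_arn account issuer
  # file:// keeps the code out of shell history and the process list.
  secret_arn=$(aws secretsmanager create-secret --name "$SECRET_NAME" \
    --secret-string file://registration-code.txt --query ARN --output text)
  policy_arn=$(aws iam create-policy --policy-name "$ROLE_NAME-policy" \
    --policy-document "$(secret_read_policy "$secret_arn")" \
    --query Policy.Arn --output text)
  eksctl utils associate-iam-oidc-provider --cluster "$CLUSTER" --approve
  account=$(aws sts get-caller-identity --query Account --output text)
  issuer=$(aws eks describe-cluster --name "$CLUSTER" \
    --query cluster.identity.oidc.issuer --output text)
  aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document \
    "$(irsa_trust_policy "$account" "${issuer#https://}" "$NAMESPACE" "$SERVICE_ACCOUNT")"
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$policy_arn"
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

Running the script with the `apply` argument executes the AWS calls; without it, the script only defines the two policy generators so their output can be reviewed first.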
Modifying Helm Chart to Query AWS Secrets Manager
Now that you have all those values, you can run a Helm chart install of the Nano Agent that references that secret and mounts it accordingly. You can do this either with your own custom values.yaml file or by overriding values via --set in the Helm CLI:
The steps above represent one way to accomplish this task. If you have any questions, feel free to contact us at support@spyderbat.com.